HITRUST has rolled out its new HITRUST Shared Responsibility Program and Matrix Version 1.0, which it lauds as the first common model for overseeing and communication privacy and security responsibilities between cloud service providers and their clients.
The brand new Matrix approach intends to clarify the duties and responsibilities regarding ownership and operation of security controls, according to HITRUST – automating and streamlining the assurance procedure when privacy and security controls are shared or inherited.
It is part of HITRUST’s Shared Responsibility Program, which was rolled out to handle the growing misunderstandings, risks and complexities when working with service providers.
The program is backed by a working group consisting of executives from Armor, Amazon Web Services, Microsoft Azure, Google, and Salesforce, as well as enterprise cloud clients, cloud-professional-services corporations and solution providers.
HITRUST says healthcare groups will benefit from smoothened communication processes in addition to lowered inefficiencies and pressures of compliance when leveraging services from cloud providers.
HITRUST points to IDC analysis that discovered 48% of organizations have applications in one public cloud that frequently communicate with applications in a different public cloud.
It says the Matrix will help healthcare groups such as those easier to reach contracts with their cloud service providers about who is chargeable for individual security and privacy controls – helping ensure that all appropriate controls are well handled.